The nuclear crisis in Japan presents an opportunity for India to hone its nuclear technologies further and make them as failsafe as possible.
THE ongoing nuclear crisis in Japan arising from the failures of the safety systems, in particular core cooling systems, of the nuclear power plants (NPPs) struck by the ferocious tsunami on March 11 has naturally led to all-round concern about the safety of India's nuclear power plants. The obvious rationale for this is the doubt whether India can to better when Japan, a leader in technology and known for meticulous planning and discipline, has been found wanting in its preparedness to handle the nuclear emergency.
While the safety record of Indian NPPs has been fairly good, there is no room for complacency and it is an opportune moment to review the safety measures in place in our NPPs and carry out improvements if needed. The Prime Minister too has called for a full technical review of the safety of all the NPPs. Even though a safety audit of all the NPPs was carried out apparently recently, the perspective on the risk associated with NPPs has changed drastically after the incident in Japan. If needed, as former Chairman of the Atomic Energy Commission (AEC) M.R. Srinivasan has said, a safety audit can be conducted for all the plants again with modified benchmarks arising from the altered perspective of risk analysis.
S.K. Jain, Chairman and Managing Director of the Nuclear Power Corporation of India Ltd (NPCIL), has responded to the Prime Minister's call by announcing that the organisation will revisit the safety aspects of all operating nuclear plants. If significant modifications are required, he said, [and] even if it pinches our pocket, we will carry out [the modifications].
Safe design of NPPs in present times has two components to it: criteria based on deterministic requirements and criteria arising from a probabilistic risk assessment (PRA) or a probability safety assessment (PSA). It is clear that the crisis at the Fukushima Daiichi units is the result of an unlikely combination of factors. While details of the exact nature of the problems at the Japanese reactor sites, which have led to failures at multiple levels that seem to be similar across all the afflicted reactors, are not available, the cause was certainly an event of very low probability. It would seem that an adequate safety net against such very low probability events had not been provided for.
Obviously, in any PRA/PSA a cut-off on overall risk would be placed. This would depend on the probability that one assigns to a given event on the basis of experience, history and magnitudes of, say, potentially devastating natural events, and risk is characterised by a product of the probability of an event and the detrimental impact or consequences of the event.
In the light of the ongoing Japanese events, while one can be reasonably sure that deterministic criteria would have been met in most designs, revisiting the safety assessment of NPPs would mean re-evaluating low probability events and incorporating them in risk analysis for every plant.
Only a detailed analysis of the sequence of events at the Japanese plant will give an insight into the kind of low probability events that should be considered. Of course, in any technology these are continuously evolving aspects. The earlier major nuclear disasters, the Three Mile Island accident in 1979, which resulted in a partial meltdown of the reactor core, and the Chernobyl disaster in 1986, which resulted in a reactor explosion, did lead to new engineering designs and modifications to safety systems, the former in failsafe core cooling systems and the latter in improved containment structures and control systems.
In the Japanese case, it is again a potential threat of a core meltdown because of a combination of external factors. What we do not know yet is the exact nature of the externalities that have precipitated into a crisis that is threatening to go out of control, and only with that knowledge can one arrive at the necessary modifications, if any, in the safety provisions of NPPs.
Basically, in any reactor system, the heat generated must equal the heat removed from the reactor core. In the context of the Japanese incident, the issue boils down to uninterrupted access to Ultimate Heat Sink (UHS), which is basically an unlimited supply of water from usually a large body of water needed to cool the reactor core during a loss of coolant emergency.
In the Indian Pressurised Heavy Water Reactors (PHWRs), the Primary Heat Transport (PHT) system for heat removal is similar to that of the Light Water Reactors (LWRs). In case of a Loss of Coolant Accident (LOCA), when there is a design-basis safe shutdown, the residual heat needs to be removed. Both systems have provisions to shut down with multiple systems that are fast acting based on failsafe principles. For cooling in such situations, the Emergency Core Cooling System (ECCS) comes into play, aimed at flooding the reactor core to cool it down. But this has limited capacity to remove all the heat. If the residual heat is high, you would need a large inventory of water as UHS, which can circulate water in the absence of on-site and off-site power. It is here, it would seem, that the Fukushima Daiichi Boiling Water Reactors (BWRs), being of vintage design (GE Mark-1) of 1971, had shortcomings.
The basic philosophy that has been adopted in the safe design of Indian PHWRs is the ability to remove the residual heat by many parallel paths. While all may not be equally efficient, according to scientists of the Department of Atomic Energy (DAE), the removal is fast enough to prevent an unacceptable heat level in the reactor core. In addition to the ECCS, the coolant and moderator are separate in PHWRs, unlike in BWRs, which enables the moderator to be maintained at a low temperature. The moderator is available in significant quantities, which constitutes a substantial heat sink in itself as it resides right inside the reactor core and has its own cooling circuit.
The calandria, the main reactor vessel of a PHWR, is itself inside a water vault, which gives an added advantage for core cooling in such situations. In fact, an inherent safety feature of a PHWR is that it has a large coolant inventory of moderator and calandria vault, which slows down the heat build-up in the core, and core decay here is removed through steam generators by an emergency feed supply system. To improve the availability of moderator and calandria vault water heat sinks, the system pumps are provided with on-site power supplies.
An accident sequence involving loss of coolant with failure of emergency core cooling can lead to a severe accident with failure of maintaining moderator and calandria vault water heat sinks. In such situations, on the primary side there is cooling available at the steam generator (SG), which is at a height of 50 metres from the reactor level, where steam from the reactor can exchange residual heat with its water there by natural convection, though its capacity will be limited.
Besides this, there is also the firefighting system that is available as a secondary water source, which can be operated with an independent source of power, including backup diesel generator sets. In fact, during the turbine fire incident in 1993 at Narora, operators resorted to this fire water storage to douse the fire. The PHWR design includes the backup of direct fire water injection into the core through emergency core cooling lines. In case of station blackout (SBO), involving loss of on-site and off-site A.C. power, fire water pumps independent of station electric power supplies are provided to maintain the heat sink. Fire water is provided to moderator heat exchangers and ECCS heat exchangers, in addition to direct injection into the end-shields of the calandria.
In more recent designs of PHWRs, there is also provision for air cooling by natural convection that circulates within the containment building outside. More recent PHWRs also have passive cooling ability through natural circulation of water, which is intentionally provided but which may not have large capability. Before criticality of new reactor systems, the operators carry out experiments to test the working of such passive cooling systems. But in the yet-to-be-introduced Advanced Heavy Water Reactor (AHWR), such passive cooling is part of the reactor design itself. Similarly, in the Prototype Fast Breeder Reactor (PFBR), too, such a provision exists.
One of the issues raised in the context of the Fukushima accident is that the GE BWRs at Tarapur Atomic Power Station (TAPS)-1 & 2 are of the same vintage in fact, slightly older, being of pre-Mark-1 design and the safety provisions may not be adequate. During an SBO in the case of TAPS-1&2, an emergency condenser, akin to the steam generator, acts as a passive heat sink for about eight hours, according to the NPCIL. Further, in the absence of a significant height difference between the reactor and the SG in TAPS 1 & 2, one of the recent improved safety features is the installation of an innovative thermosiphoning system. This, said Srikumar Banerjee, Chairman of the Atomic Energy Commission (AEC), will keep on taking out the extra heat in a passive manner through natural circulation.
TAPS' pre-Mark-1 design actually does not mean that it is inferior, said N. Nagaich of the NPCIL. In fact, the containment volume of Mark-1 happens to be less than pre-Mark-1 and the later designs, Mark-II and Mark-III. The pre-Mark-1 containment volume is more than twice the Mark-1 containment volume with lower power generation. As a result, said Nagaich, containment to power ratio is about 10 times higher, markedly slowing down the pressure build-up in the containment during a, LOCA event.
In fact, at the turn of the century, the United States Nuclear Regulatory Commission (NRC) had wanted to ban Mark-1 containment in the U.S. Instead, the NRC later issued a notification that the containment features should be upgraded and also that all BWR Mark-1 and Mark-II containments should be rendered inert with nitrogen to prevent a hydrogen explosion as has happened at the units at Fukushima Daiichi.
At TAPS, a major upgradation of the systems and improvements in its safety features was carried out recently towards its licence renewal. These, according to the NPCIL, include Emergency Diesel Generators (EDG), with each of them capable of handling emergency load requirements independently. In addition, there is what is called the SBO-DG, the station blackout diesel generator, which would be operable using batteries. Also, the shared systems of emergency feed water system and shutdown cooling system were divided so that the two units have dedicated systems in each. This has enhanced the reliability and availability of these systems, according to the NPCIL. Since the basic cause of the Japanese incident was the massive March 11 Tohoku earthquake, the other issue that has been raised, particularly by activists, is the aseismic design of Indian NPPs. Seismic engineering is a well-established field and India has a good number of experts, notably at the Indian Institute of Technology (IIT) Roorkee. Indeed, IITR has been involved in the seismic analysis of NPPs since 1972.
Site selection for an NPP, said D.K. Paul of IITR, was very important, and for that a lot of geophysical and geotechnical investigations, including study of features such as faults and shear zones, were carried out. Availability of water and absence of a large population in the vicinity were important, he said.
The site of an NPP should be 50 km from an active fault. Generally, NPPs are located in lower seismic zones, mostly in Zone II and Zone III. However, Narora is located in Zone IV and built on alluvial deposits. A seismic design is based on estimated ground motion and Peak Ground Acceleration (PGA) at the site. The PGA assumed for the Narora NPP is 0.3 g whereas it is 0.1 g to 0.2 g for NPPs in the lower zones, where g, the acceleration due to gravity, is 9.8 m/s2.
For design and safety, the design is based on the characteristics of two earthquakes: Operation Basis Earthquake (OBE), which is the maximum-size earthquake occurring during the lifetime of the structure of the NPP, and Safe Shut Down Earthquake (SSDE), which is estimated from the tectonic features of the site, past earthquake history and other geotechnical considerations. These two earthquakes define the forces that are likely to act on the structure, on the basis of which its designing is carried out.
When the CANDU design of the PHWR was adopted (for the Rajasthan Atomic Power Station), it was found that seismicity considerations had not been factored into the design. A lot of modifications had to be done to make the Canadian reactors aseismic, said Paul. According to him, very rigorous numerical modelling is carried out to estimate the design forces in the different components and subsystems of all reactors. While critical pieces of equipment are validated on a shake table for seismic safety and functional operation, the containment structures are subjected to full-scale testing to see whether they can withstand the prescribed pressure.
While, as claimed by the DAE and the NPCIL, the safety features of Indian NPPS may be adequate, the lack of a truly independent regulator has been a matter of controversy and debate in the Indian context. The Atomic Energy Regulatory Board (AERB), which oversees the safe operation of the NPPs in the country, comes directly under the Atomic Energy Commission, and the Chairman of the AEC is also Secretary of the DAE, whose activities the AERB is supposed to regulate and oversee. The AERB depends on the DAE for its finances and technical support. So the apparent independent authority of the AERB could get compromised when it comes to implementing stringent safety regulations in the NPPs. The current juncture offers an opportune moment to change the structure of the AERB and make it truly independent and autonomous.
The Japanese nuclear crisis has become a convenient weapon for anti-nuclear activists to make their campaign shriller in demanding a complete phase-out of nuclear power. While concerns about adequate safety at Indian NPPs are understandable and should be addressed by the nuclear establishment, the country cannot afford to go back on its nuclear energy option, which would become imperative in the years to come for energy security, by heeding to the irrational fears that are being aired by activists. Whether or not to import nuclear energy technologies, in the light of their far higher costs and technological shortcomings, is another issue. But the country must hone its indigenous nuclear technologies further and make them as failsafe as possible by going though a full-fledged review of the implemented safety measures.